On 20/12/2022 22:27, Simo Sorce wrote:
SecureBoot may not be to your liking but is what is installed on 99% of
modern hardware sold, so it is a good idea to first show you can
support it. Then if you have interested you can propose "something
better".
Secure Boot with shim and the use of a Microsoft key defeats all purpose
of the __Secure__ Boot.
Also new computers will be able to boot only Microsoft Windows as
described here[1]:
Secured-core PCs require Secure Boot to be enabled and configured to distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with the most secure configuration of their PCs possible.
To trust and boot operating systems, like Linux, and components signed by the UEFI signature, Secured-core PCs can be configured in the BIOS menu to add the signature in the UEFI database by following these steps
[1]:
https://learn.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process
--
Sincerely,
Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue